Cybercriminals are active on weekends and holidays, according to Check Point, and companies are particularly vulnerable during these times.
Check Point Software Technologies Ltd., a leading provider of cyber security solutions globally, recently issued a warning about the dangers of companies letting their cybersecurity guard down as cybercriminals are active on weekends and holidays.
Busy times
During a holiday period or over a weekend, companies often operate with a skeleton team, with fewer staff to be on the lookout for any type of incident, according to Check Point. This makes it easier for cybercriminals to operate in several ways. It can allow for ransomware to be fully deployed before anyone notices and it causes additional confusion during response operations, especially if the victim’s IT teams are not available to respond.
This is not a new trend, as shown by the hugely disruptive cyberattack on the Colonial Pipeline which cut fuel supplies over the Mother’s Day weekend and the attack on the meat packing firm JBS On the Friday before Memorial Day weekend.
As cybercriminals are active on weekends and holidays, “Long weekends create the perfect conditions for threat actors to cause maximum damage. You need to take into account the fact that, at this time, everything is ‘paralysed’ so once criminals gain access to the network, there is far more time to extend the attack and reach a large number of computers, and their data. This is one of the reasons why it is essential to have a good cybersecurity prevention strategy and not wait until the damage is already done before you address the problem”, explains Ram Narayanan, Country Manager at Check Point, Middle East
Defensive measures
Check Point suggest a range of defensive strategies:
Create a pro-active strategy to monitor indicators of attacks and address all processes, technology, systems and people, with a focus on preparing for an attack, not waiting for it to happen.
A zero trust strategy is vital and no device, user, workflow or system should be trusted by default, regardless of the location from which it operates, either inside or outside the security perimeter.
Mobile devices must be protected as hybrid working has been adopted in most companies. Check Point Harmony Mobile provides real-time threat intelligence and visibility into threats that could affect businesses, protecting them against any type of attack targeting mobile devices.
Cybersecurity training for employees cannot be neglected. One of the weakest links in any company is the lack of training for its members. Company members must be able to identify and avoid possible attacks.
The warning adds additional weight to the fears expressed by UAE companies in a recent report by Cybereason.
